< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index	Next in Thread >

Re: [reSIProcate] Resiprocate Client with OpenSER server.....trying to establish TLS connection :- Error when verifying server's chain of certificates: unable to get local issuer certificate

From: "Kundan Kumar" <kundancs@xxxxxxxxx>
Date: Wed, 2 May 2007 10:15:37 +0530

hi...
yeah.. I am using root certificate in PEM format as cacert.pem at /resiprocate/resip/certs and I gave path in /etc/ssl/openssl.cnf.
Actually I have given the path for the certs also @ /resiprocate/resip/certs/openssl.cnf. I am confused where exactly is this resiprocate looking for the exact path for the root CA certificate for verification of Server certificate. Correct me if I am wrong.

The following message is being seen in my logs....
=====================================================================

Error whennnnnnnn verifying server's chain of certificates: self signed certificate in certificate chain, depth=1 /CN=OpenSER/ST=SIP/C=IP/emailAddres
ilnCode = 0
TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Error code = 336134278 file=s3_clnt.c line=89401:lib(0):func(0):reason(1)
Couldn't TLS connect

=====================================================================

I will be very much obliged at your kind n earliest response....

Thanks and regards,
Kundan.

On 5/1/07, Ryan Kereliuk <ryker@xxxxxxxxx> wrote:

Are you sure you have the root certificate in PEM format in a location
that resiprocate is looking at?  If you enable DebugLog logging, do you
see a message like "Trying to load file <your_root_cert_file>"?

Thanks,
-Ryan

On 2007-05-01 at 17h43, Kundan Kumar wrote:
>
> While attempting TLS connection  through resiprocate  with  openSER server
> ...giving  following errors:
> =======================================================================
> Error when verifying server's chain of certificates: unable to get local
> issuer certificate, depth=0 /C=IN/ST=AP/O=OC/OU=OCD/CN=VPN/emailAddre
> ========================================================================
>
> I generated root certificate using openssl and modified openssl.cnf placed
> at /etc/ssl/openssl.cnf and resiprocate/resip/certs/openssl.cnf ..... I have
> added the cacert.pem at the resiprocate client  also.
>
> Can anyone help me regarding above problem??

--
KUNDAN KUMAR.....

Follow-Ups:
- Re: [reSIProcate] Resiprocate Client with OpenSER server.....trying to establish TLS connection :- Error when verifying server's chain of certificates: unable to get local issuer certificate
  - From: Ryan Kereliuk

References:
- [reSIProcate] Resiprocate Client with OpenSER server.....trying to establish TLS connection :- Error when verifying server's chain of certificates: unable to get local issuer certificate
  - From: Kundan Kumar
- Re: [reSIProcate] Resiprocate Client with OpenSER server.....trying to establish TLS connection :- Error when verifying server's chain of certificates: unable to get local issuer certificate
  - From: Ryan Kereliuk